The Federal government lacks the empowered leadership necessary to address U.S. cyber vulnerabilities, according to former Federal experts testifying before the Senate Foreign Relations Committee on June 13.
“For the entire apparatus, there currently isn’t an empowered, either an individual or an agency, to do what I think is necessary,” said Samantha Ravich, senior adviser for the Foundation for Defense of Democracies and former national security adviser for Vice President Dick Cheney.
“There is still the White House Cyber Coordinator, but I’m not sure that even during the Obama administration that that position was empowered enough to bring all of the people from around the government together and to really drive some of the change that’s necessary to make a big difference,” said Eric Rosenbach, co-director of Belfer Center at Harvard Kennedy School and former assistant secretary of defense for Homeland Defense and Global Security. “We still could use a very strong leadership position there.”
According to Rosenbach, the U.S. is currently in a “digital glass house,” which leaves both government and industry more vulnerable to cyberattack from less powerful countries.
“Cyber warfare is truly asymmetric. A small nation with an offensive cyber capability can have an outsized effect on a larger power. For example, the U.S., a technological and economic powerhouse, is significantly more vulnerable to cyberattack than North Korea,” said Rosenbach, adding that democratic nations are often more vulnerable than authoritarian nations.
Ravich testified that North Korea is becoming an increasing problem in cyberspace, and that their actions warrant increasing concern, particularly considering their ties to the recent WannaCry attack.
“The monetary haul from the scheme was minimal, leading some analysts to question if the effort was a test for a larger attack. Similar assessments have been made about the 2016 cyber bank heist that attempted to withdraw $1 billion from Bangladesh’s account at the New York Federal Reserve. Assessments now tie this attack back to the North Korean cyber group Lazarus,” said Ravich. “While some in the U.S. government have remarked that, if true, it appears that the North Koreans are now robbing banks, it is more chilling to consider that, if true, the North Koreans are now targeting our banking sector.”
Join us at GovProtect17 on June 21 for a one-day, collaborative discussion on how agencies can gain actionable insight into the increasingly complex security risks facing a modern government. Click here to learn more.
Ravich explained that while the government has done a good job of protecting the .gov and .mil networks, banking and financial networks remain vulnerable and prime targets for malicious nation-states.
“We would not be the No. 1 military if we were not the No. 1 economy,” said Ravich, who recommended working more closely with allies on strengthening cybersecurity.
“The U.S. cannot go it alone in its endeavor to safeguard the networks and systems upon which our economy depends. We must take steps to formalize the cyber partnerships that already exist with the other free-market democracies that are leaders in cyber science and technology. Such a ‘co-op’ should begin with the U.S., the U.K., and Israel, building on the fact that the U.K. and Israel are world leaders in cyber and already have cyber attachés stationed in Washington,” Ravich said in her written testimony.
“The fragility of our national security posture, combined with our adversaries’ perception that Russia’s recent actions achieved unprecedented success, increases the likelihood that the U.S. and our allies will experience more serious attacks like this in the coming years,” said Rosenbach. “I like the idea that there could be a very senior person in the White House driving this in the inner agency, interacting with the private sector, doing some things internationally. But it would have to be someone who has gravitas, has clout, and also who has the backing of the president.”